17 March 2007

I was just listening to the most recent Security Now podcast, episode 83, wherein Steve Gibson goes to pains to describe what it takes on Windows to turn off your wireless hardware. Here's an excerpt from the transcript:

STEVE: Believe or not, yes. We’ve basically snuck in an entire show on maintaining full radio silence on Windows WiFi.

LEO: Well, it started when we were talking about this Free Public Wi-Fi that pops up on Windows from time to time, and what it was, and how now Microsoft has offered a fix but never told anybody about it, and you have to explicitly download it. That’s what we talked about last week. And if you didn’t hear last week’s episode, you should absolutely download that update.

STEVE: Right. So that was our second mention. Then the week before, Episode 81, we talked about – we actually showed the dialogues required to turn off the functionality, just sort of this promiscuous connect-to-anything-that-I-hear, and also this idea of broadcasting the names of any networks you had connected to before, which by default Windows tries to do. It turns out that it’s trying to do that still, even after you’ve got the update, because Microsoft added a checkbox to one of the configuration dialogues which is checked by default, and you have to go turn it off. So here in our fourth serialized How to Get Wi-Fi Just to Shut Up, we have additional instructions. People can, if they go to the show notes for this Episode 83, I’ve got a link back to the new and enhanced instructions that are over now on Episode 81’s notes. So Episode 81’s show notes are enhanced with this additional information, and this episode links back to those.

LEO: So this is if you installed the patch that Microsoft offered in November to fix wireless zero config, it’s still promiscuous unless you uncheck this box.

STEVE: Yes. There’s a box which enables it to connect to networks which are not broadcasting. And so if the networks are not broadcasting, then your computer does. And it’s just like, okay...

LEO: Is this ad hoc only? Or is it infrastructure networks, as well?

STEVE: It’s both. And so anyway, the idea is – in fact, I realized, okay, I started using the term “maintaining full radio silence.”

LEO: Yeah, that’s a good way to talk about it, yeah.

STEVE: As the famous jargon. And that’s what we want. We want to be able to carry a laptop around. If we forget to disable our Wi-Fi, we don’t want it sending out stuff of any sort. We want full radio silence. And so it turns out that following the instructions that are now on the show notes for 81, with the update which we talked about in 82, which we’re all pulling together now in 83, when we first opened the topic in 80, we basically snuck in a whole Security Now! episode on maintaining full radio silence.

Because Steve didn't mention how to do this on the Mac, I think I'll take the liberty of providing a comprehensive guide complete with pictures, so you can follow along. This guide applies to at least the last 3 versions of Mac OS X. Here goes:

Step 1: Click the AirPort Menu

Step 2: Select Turn AirPort Off

Steve was talking mostly about WiFi radio emissions, but since most Macs have Bluetooth these days, I thought I'd go a step further and document how to turn off Bluetooth radio emissions as well.

Step 1: Click the Bluetooth Menu

Step 2: Select Turn Bluetooth Off

In conclusion, if you are ever responsible for designing the "turn it off" use case, please consider the above-mentioned comparison before completing your design.

Update 2: It looks like I misunderstood what Steve was talking about. He wasn't talking about how to turn off WiFi, but how to keep the Windows WiFi system from broadcasting data about which networks you've connected to in the past. Does the Mac OS do this? I don't know.

I don't know if this is picking nits, but "Steve" explicitly said: "If we forget to disable our Wi-Fi, we don’t want it sending out stuff of any sort."

Bashing Windows is fun and all, but the real issue is how much info MOSX tells random strangers if Airport is not turned off. Is it too much to ask that the computer can find open networks, without telling the world the names of all previous networks, etc?

Actually, Björn has a point. The instructions you gave have a two-step equivalent on Windows XP. Open up "Network Connections" in the Control Panel, right-click the wireless adapter and select "Disable". What I didn't realize until I reread this post is that Steve Gibson is complaining about something different than what you are giving the solution to.

Interesting. I think Björn is right. It looks like I mis-read the topic under discussion. :-( It looks like the better comparison is this: "If the Mac OS is in Automatic mode with WiFi on, does it broadcast recent networks?" And I admit, the answer to this question, I don't know.

The answer is no, Mac OS X does not rebroadcast recently-connected infrastructure networks in ad-hoc mode; Windows XP does it because of a misimplementation of RFC 3927. I've got some links on the issue over here:

Microsoft? misimplementation of an RFC? huh!? What? Are you kidding me! Microsoft doesn't adhere to their OWN RFCs, let alone someone else's.

To take it a step further on osx, just disable the thingy that says 'connect to trusted networks only' and it will not only not send the networks you've connected to before, but it won't connect to any access points unless you agree to it.